Merge pull request #32 from AikidoSec/github-release-action

Preparing package setup for release + bugfixes
AikidoSec · Jan 21, 2025 · 9481ba2 · 9481ba2
2 parents a8762db + 53cd844
commit 9481ba2
Show file tree

Hide file tree

Showing 14 changed files with 241 additions and 37 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,65 @@
+name: Publish NuGet Packages
+
+on:
+    release:
+        types: [created]
+
+jobs:
+    publish:
+        runs-on: windows-2022
+        timeout-minutes: 30
+
+        env:
+            DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+            DOTNET_CLI_TELEMETRY_OPTOUT: true
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Cache NuGet packages
+              uses: actions/cache@v3
+              with:
+                  path: |
+                      ~/.nuget/packages
+                      ~/.local/share/NuGet/v3-cache
+                  key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props', '**/*.targets') }}
+                  restore-keys: |
+                      ${{ runner.os }}-nuget-
+
+            - name: Install .NET versions that we need for building the library
+              uses: actions/setup-dotnet@v4
+              with:
+                  dotnet-version: |
+                      6.0
+                      7.0
+                      8.0
+
+            - name: Add msbuild to PATH
+              uses: microsoft/setup-msbuild@v2
+              with:
+                  vs-version: "[17.2,19.0)"
+
+            - name: Install dependencies
+              run: |
+                  dotnet tool restore
+                  dotnet restore
+
+            - name: Install Cake Tool
+              run: dotnet tool install --global Cake.Tool
+
+            - name: Run Cake Script to Build and Pack
+              run: dotnet cake build.cake --target=CreatePackages --libVersion=${{ github.ref_name }}
+
+            - name: Publish NuGet Packages
+              run: |
+                  $ErrorActionPreference = "Stop"
+                  Get-ChildItem -Path artifacts\*.nupkg | ForEach-Object {
+                    try {
+                      dotnet nuget push $_.FullName --api-key ${{ secrets.NUGETAPIKEY }} --source https://api.nuget.org/v3/index.json
+                      Write-Host "Pushed $($_.FullName)"
+                    } catch {
+                      Write-Host "Failed to push $($_.FullName)"
+                      exit 1
+                    }
+                  }
diff --git a/Aikido.Zen.Core/Aikido.Zen.Core.csproj b/Aikido.Zen.Core/Aikido.Zen.Core.csproj
@@ -39,6 +39,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="2.2.0" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.2" />
-    <PackageReference Include="System.Text.Json" Version="8.0.1" />
+    <PackageReference Include="System.Text.Json" Version="8.0.5" />
   </ItemGroup>
 </Project>
diff --git a/Aikido.Zen.Core/Helpers/AgentInfoHelper.cs b/Aikido.Zen.Core/Helpers/AgentInfoHelper.cs
@@ -41,7 +41,6 @@ public static AgentInfo GetInfo()
 			_cachedAgentInfo.DryMode = EnvironmentHelper.DryMode;
 			_cachedAgentInfo.Serverless = Environment.GetEnvironmentVariable("AWS_LAMBDA_FUNCTION_NAME") != null || Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID") != null;
 
-
 			return _cachedAgentInfo;
 		}
 	}

diff --git a/Aikido.Zen.Core/Helpers/ReflectionHelper.cs b/Aikido.Zen.Core/Helpers/ReflectionHelper.cs
@@ -32,11 +32,9 @@ static ReflectionHelper()
         public static MethodInfo GetMethodFromAssembly(string assemblyName, string typeName, string methodName, params string[] parameterTypeNames)
         {
             // Attempt to load the assembly
-            // Attempt to get the assembly from the cache, if not found, load it
             if (!_assemblies.TryGetValue(assemblyName, out var assembly))
             {
                 assembly = AppDomain.CurrentDomain.GetAssemblies().FirstOrDefault(a => a.GetName().Name == assemblyName);
-                // If the assembly is not loaded, and the assembly path exists, load it
                 if (File.Exists($"{assemblyName}.dll") && assembly == null)
                 {
                     assembly = Assembly.LoadFrom($"{assemblyName}.dll");
@@ -50,12 +48,16 @@ public static MethodInfo GetMethodFromAssembly(string assemblyName, string typeN
             if (!_types.TryGetValue(typeKey, out var type))
             {
                 type = assembly.ExportedTypes.FirstOrDefault(t => t.Name == typeName || t.FullName == typeName);
+
                 if (type == null) return null;
                 _types[typeKey] = type;
             }
 
-            // Use reflection to get the method
-            var method = type.GetMethods().FirstOrDefault(m => m.Name == methodName && m.GetParameters().All(p => parameterTypeNames.Any(ptn => ptn == p.ParameterType.FullName)));
+            // Use reflection to get the method, make sure to check for public, internal and private methods
+            var method = type
+                .GetMethods(BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.Static)
+                .FirstOrDefault(m => m.Name == methodName &&
+                                     m.GetParameters().Select(p => p.ParameterType.FullName).SequenceEqual(parameterTypeNames));
             return method;
         }
 

diff --git a/Aikido.Zen.Core/Patches/SqlClientPatcher.cs b/Aikido.Zen.Core/Patches/SqlClientPatcher.cs
@@ -10,7 +10,8 @@ public static class SqlClientPatcher
     {
         public static bool OnCommandExecuting(object[] __args, MethodBase __originalMethod, DbCommand __instance, string assembly, Context context)
         {
-            var command = __instance;
+            var command = __instance
+                ?? __args[0] as DbCommand;
             var methodInfo = __originalMethod as MethodInfo;
 
             if (context == null)
@@ -37,6 +38,7 @@ public static SQLDialect GetDialect(string assembly)
             {
                 case "System.Data.SqlClient":
                 case "Microsoft.Data.SqlClient":
+                case "System.Data.SqlServerCe":
                     return SQLDialect.MicrosoftSQL;
                 case "MySql.Data":
                 case "MySqlConnector":

diff --git a/Aikido.Zen.DotNetCore/Aikido.Zen.DotNetCore.nuspec b/Aikido.Zen.DotNetCore/Aikido.Zen.DotNetCore.nuspec
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package >
+  <metadata>
+    <id>Aikido.Zen.DotNetCore</id>
+    <version>*</version>
+    <title>$title$</title>
+    <authors>Aikido Security</authors>
+    <owners>Aikido Security</owners>
+    <description>Aikido Security Zen .NET Core Firewall</description>
+    <frameworkReferences>
+      <group targetFramework="net8.0">
+        <frameworkReference name="Microsoft.AspNetCore.App" />
+      </group>
+      <group targetFramework="net7.0">
+        <frameworkReference name="Microsoft.AspNetCore.App" />
+      </group>
+      <group targetFramework="net6.0">
+        <frameworkReference name="Microsoft.AspNetCore.App" />
+      </group>
+    </frameworkReferences>
+    <dependencies>
+      <group targetFramework="net8.0">
+        <dependency id="Lib.Harmony" version="2.3.3" />
+        <dependency id="Microsoft.AspNetCore.Hosting.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.AspNetCore.Http" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.Extensions.DependencyInjection" version="8.0.0" />
+        <dependency id="Microsoft.Extensions.Options" version="8.0.0" />
+        <dependency id="System.Text.Json" version="8.0.1" />
+      </group>
+      <group targetFramework="net7.0">
+        <dependency id="Lib.Harmony" version="2.3.3" />
+        <dependency id="Microsoft.AspNetCore.Hosting.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.AspNetCore.Http" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.Extensions.DependencyInjection" version="7.0.0" />
+        <dependency id="Microsoft.Extensions.Options" version="7.0.0" />
+        <dependency id="System.Text.Json" version="7.0.0" />
+      </group>
+      <group targetFramework="net6.0">
+        <dependency id="Lib.Harmony" version="2.3.3" />
+        <dependency id="Microsoft.AspNetCore.Hosting.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.AspNetCore.Http" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing" version="2.2.2" />
+        <dependency id="Microsoft.AspNetCore.Routing.Abstractions" version="2.2.0" />
+        <dependency id="Microsoft.Extensions.DependencyInjection" version="6.0.0" />
+        <dependency id="Microsoft.Extensions.Options" version="6.0.0" />
+        <dependency id="System.Text.Json" version="6.0.0" />
+      </group>
+    </dependencies>
+  </metadata>
+  <files>
+    <file src="Aikido.Zen.DotNetCore.targets" target="Build\" />
+    <file src="bin\Release\net8.0\Aikido.Zen.Core.dll" target="lib\net8.0" />
+    <file src="bin\Release\net7.0\Aikido.Zen.Core.dll" target="lib\net7.0" />
+    <file src="bin\Release\net6.0\Aikido.Zen.Core.dll" target="lib\net6.0" />
+    <file src="bin\Release\net8.0\Aikido.Zen.DotNetCore.dll" target="lib\net8.0" />
+    <file src="bin\Release\net7.0\Aikido.Zen.DotNetCore.dll" target="lib\net7.0" />
+    <file src="bin\Release\net6.0\Aikido.Zen.DotNetCore.dll" target="lib\net6.0" />
+    <file src="bin\Release\net8.0\libraries\*.*" target="Build\libraries" />
+  </files>
+</package>
diff --git a/Aikido.Zen.DotNetCore/Aikido.Zen.DotNetCore.targets b/Aikido.Zen.DotNetCore/Aikido.Zen.DotNetCore.targets
@@ -0,0 +1,16 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <!-- Include all files in the libraries directory to copy to the output directory -->
+    <None Update="$(MSBuildThisFileDirectory)libraries\**\*.*">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
+  <Target Name="CopyLibraries" AfterTargets="Build">
+    <ItemGroup>
+      <!-- Define a new item group for all files in the libraries directory -->
+      <LibraryFiles Include="$(MSBuildThisFileDirectory)libraries\**\*.*" />
+    </ItemGroup>
+    <Copy SourceFiles="@(LibraryFiles)" DestinationFolder="$(OutputPath)libraries\" />
+  </Target>
+</Project>
diff --git a/Aikido.Zen.DotNetCore/Middleware/ContextMiddleware.cs b/Aikido.Zen.DotNetCore/Middleware/ContextMiddleware.cs
@@ -2,6 +2,7 @@
 using Aikido.Zen.Core.Helpers;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
+using System.Collections.Concurrent;
 
 namespace Aikido.Zen.DotNetCore.Middleware
 {
@@ -18,9 +19,9 @@ public ContextMiddleware(IEnumerable<EndpointDataSource> endpointSources)
 
         public async Task InvokeAsync(HttpContext httpContext, RequestDelegate next)
         {
-            // Convert headers and query parameters to dictionaries once
-            var queryDictionary = httpContext.Request.Query.ToDictionary(q => q.Key, q => q.Value.ToArray());
-            var headersDictionary = httpContext.Request.Headers.ToDictionary(h => h.Key, h => h.Value.ToArray());
+            // Convert headers and query parameters to thread-safe dictionaries
+            var queryDictionary = new ConcurrentDictionary<string, string[]>(httpContext.Request.Query.ToDictionary(q => q.Key, q => q.Value.ToArray()));
+            var headersDictionary = new ConcurrentDictionary<string, string[]>(httpContext.Request.Headers.ToDictionary(h => h.Key, h => h.Value.ToArray()));
 
             var context = new Context
             {

diff --git a/Aikido.Zen.DotNetCore/Patches/SqlClientPatches.cs b/Aikido.Zen.DotNetCore/Patches/SqlClientPatches.cs
@@ -46,6 +46,11 @@ public static void ApplyPatches(Harmony harmony)
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Insert");
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Update");
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Delete");
+
+            // NPoco
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteReaderHelper", "System.Data.Common.DbCommand");
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteNonQueryHelper", "System.Data.Common.DbCommand");
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteScalarHelper", "System.Data.Common.DbCommand");
         }
 
         private static void PatchMethod(Harmony harmony, string assemblyName, string typeName, string methodName, params string[] parameterTypeNames)
@@ -59,7 +64,8 @@ private static void PatchMethod(Harmony harmony, string assemblyName, string typ
 
         private static bool OnCommandExecuting(object[] __args, MethodBase __originalMethod, object __instance)
         {
-            var dbCommand = __instance as System.Data.Common.DbCommand;
+            var dbCommand = __instance as System.Data.Common.DbCommand
+                ?? __args[0] as System.Data.Common.DbCommand;
             if (dbCommand == null) return true;
             var assembly = __instance.GetType().Assembly.FullName?.Split(", Culture=")[0];
             return Aikido.Zen.Core.Patches.SqlClientPatcher.OnCommandExecuting(__args, __originalMethod, dbCommand, assembly, Zen.GetContext());

diff --git a/Aikido.Zen.DotNetFramework/Aikido.Zen.DotNetFramework.nuspec b/Aikido.Zen.DotNetFramework/Aikido.Zen.DotNetFramework.nuspec
@@ -1,17 +1,29 @@
 <?xml version="1.0" encoding="utf-8"?>
 <package >
   <metadata>
-    <id>$id$</id>
-    <version>$version$</version>
+    <id>Aikido.Zen.DotNetFramework</id>
+    <version>*</version>
     <title>$title$</title>
-    <authors>$author$</authors>
+    <authors>Aikido Security</authors>
+    <owners>Aikido Security</owners>
+    <description>Aikido Security Zen .NET Framework Firewall</description>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <license type="expression">MIT</license>
-    <!-- <icon>icon.png</icon> -->
-    <projectUrl>http://project_url_here_or_delete_this_line/</projectUrl>
-    <description>Aikido Zen, An in-app firewall for .NET</description>
-    <releaseNotes>Summary of changes made in this release of the package.</releaseNotes>
     <copyright>Copyright 2024 Aikido</copyright>
     <tags>firewall .NET</tags>
+    <dependencies>
+        <dependency id="Lib.Harmony" version="[2.3.3,99.99.99)" />
+        <dependency id="Microsoft.AspNetCore.Http.Abstractions" version="[2.2.0,99.99.99)" />
+        <dependency id="Microsoft.AspNetCore.WebUtilities" version="[2.2.0,99.99.99)" />
+        <dependency id="Microsoft.Extensions.Logging.Abstractions" version="[8.0.2,99.99.99)" />
+        <dependency id="System.Text.Json" version="[8.0.5,99.99.99)" />
+    </dependencies>
   </metadata>
+  <files>
+    <file src="Aikido.Zen.DotNetFramework.targets" target="Build\" />
+    <file src="bin\Release\libraries\libzen_internals_x86_64-pc-windows-gnu.dll" target="Build\libraries\" />
+    <file src="bin\Release\libraries\libzen_internals_x86_64-pc-windows-gnu.dll.sha256sum" target="Build\libraries\" />
+    <file src="bin\Release\Aikido.Zen.Core.dll" target="lib" />
+    <file src="bin\Release\Aikido.Zen.DotNetFramework.dll" target="lib" />
+  </files>
 </package>
diff --git a/Aikido.Zen.DotNetFramework/Aikido.Zen.DotNetFramework.targets b/Aikido.Zen.DotNetFramework/Aikido.Zen.DotNetFramework.targets
@@ -0,0 +1,21 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <!-- Include the DLLs you want to copy to the output directory -->
+    <None Include="$(MSBuildThisFileDirectory)libraries\libzen_internals_x86_64-pc-windows-gnu.dll">
+      <Link>libraries\libzen_internals_x86_64-pc-windows-gnu.dll</Link>
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Include="$(MSBuildThisFileDirectory)libraries\libzen_internals_x86_64-pc-windows-gnu.dll.sha256sum">
+      <Link>libraries\libzen_internals_x86_64-pc-windows-gnu.dll.sha256sum</Link>
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
+  <Target Name="CopyLibraries" AfterTargets="Build">
+    <ItemGroup>
+      <!-- Define a new item group for the specific files to copy -->
+      <LibraryFiles Include="@(None)" Condition="'%(FileName)' == 'libzen_internals_x86_64-pc-windows-gnu'" />
+    </ItemGroup>
+    <Copy SourceFiles="@(LibraryFiles)" DestinationFolder="$(OutputPath)libraries\" />
+  </Target>
+</Project>
diff --git a/Aikido.Zen.DotNetFramework/Patches/SqlClientPatches.cs b/Aikido.Zen.DotNetFramework/Patches/SqlClientPatches.cs
@@ -3,6 +3,7 @@
 using HarmonyLib;
 using Aikido.Zen.Core.Models;
 using Aikido.Zen.Core.Helpers;
+using Aikido.Zen.Core;
 
 namespace Aikido.Zen.DotNetFramework.Patches
 {
@@ -27,6 +28,14 @@ public static void ApplyPatches(Harmony harmony)
             PatchMethod(harmony, "System.Data.SqlClient", "SqlCommand", "ExecuteScalar");
             PatchMethod(harmony, "System.Data.SqlClient", "SqlCommand", "ExecuteReader", "System.Data.CommandBehavior");
 
+            //SQL ServerCE
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteNonQuery");
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteScalar");
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteReader", "System.Data.CommandBehavior");
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteNonQuery");
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteScalar");
+            PatchMethod(harmony, "System.Data.SqlServerCe", "SqlCeCommand", "ExecuteReader", "System.Data.CommandBehavior");
+
             // SQLite
             PatchMethod(harmony, "Microsoft.Data.Sqlite", "SqliteCommand", "ExecuteNonQuery");
             PatchMethod(harmony, "Microsoft.Data.Sqlite", "SqliteCommand", "ExecuteScalar");
@@ -50,6 +59,11 @@ public static void ApplyPatches(Harmony harmony)
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Insert");
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Update");
             PatchMethod(harmony, "MySqlX", "XDevAPI.Relational.Table", "Delete");
+
+            // NPoco
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteReaderHelper", "System.Data.Common.DbCommand");
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteNonQueryHelper", "System.Data.Common.DbCommand");
+            PatchMethod(harmony, "NPoco", "Database", "ExecuteScalarHelper", "System.Data.Common.DbCommand");
         }
 
         /// <summary>
@@ -78,7 +92,8 @@ private static void PatchMethod(Harmony harmony, string assemblyName, string typ
         /// <returns>True if the original method should continue execution; otherwise, false.</returns>
         private static bool OnCommandExecuting(object[] __args, MethodBase __originalMethod, object __instance)
         {
-            var dbCommand = __instance as System.Data.Common.DbCommand;
+            var dbCommand = __instance as System.Data.Common.DbCommand
+                ?? __args[0] as System.Data.Common.DbCommand;
             if (dbCommand == null) return true;
             var assembly = __instance.GetType().Assembly.FullName?.Split(new[] { ", Culture=" }, StringSplitOptions.RemoveEmptyEntries)[0];
             return Aikido.Zen.Core.Patches.SqlClientPatcher.OnCommandExecuting(__args, __originalMethod, dbCommand, assembly, Zen.GetContext());
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,7 +41,6 @@ public static AgentInfo GetInfo() @@
     			_cachedAgentInfo.DryMode = EnvironmentHelper.DryMode;
     			_cachedAgentInfo.Serverless = Environment.GetEnvironmentVariable("AWS_LAMBDA_FUNCTION_NAME") != null || Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID") != null;
     			return _cachedAgentInfo;
     		}
     	}
@@ Expand Down @@